2016.11.09 17:22 "[Tiff] comments about bugs 2581 and 2587", by Henri Salo

2016.11.10 02:37 "Re: [Tiff] comments about bugs 2581 and 2587", by Bob Friesenhahn

On Wednesday 09 November 2016 18:22:56, Henri Salo wrote:

New security related issue reported in:

http://bugzilla.maptools.org/show_bug.cgi?id=2581

with CVE request in:

http://www.openwall.com/lists/oss-security/2016/11/09/13

It looks to me like it is an issue with address sanitizer itself, which cannot handle allocation attempts of 17 GB, but when running in normal conditions (and under Valgrind too), the realloc() fails properly (or might succeed if you have a huge amount of RAM).

One could discuss if libtiff should do such huge allocations but that's a tricky subject...

A common OS (Linux) thinks nothing of allowing huge allocations since the allocations don't consume actual memory (only virtual memory) until they are written to. Other OSs work differently. Some OSs will allocate backing store ("swap") for the memory allocations to assure that the process can page out if it has to.

Bob
--
Bob Friesenhahn
bfriesen@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
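The "fails properly" outcome described in the thread depends on every caller checking realloc()'s return value, and the question of whether libtiff should attempt such allocations at all can be answered in code by refusing oversized requests before asking the OS (which, on Linux, may well grant 17 GB through overcommit, as Bob notes). The following is an added example written for this page, not libtiff's code: a size-checked reallocation wrapper in C. The 1 GiB cap, the function names and the test sizes are assumptions, and a 64-bit size_t is assumed so that the 17 GB figure from the bug report fits.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed upper bound for a single buffer (not a libtiff setting). Anything
 * larger is rejected outright, regardless of what the OS would hand out. */
#define MAX_SINGLE_ALLOC ((size_t)1 << 30)   /* 1 GiB */

/* Grow *bufp to nmemb*size bytes. Returns NULL, leaving *bufp untouched, when
 * the product overflows size_t, is zero, exceeds cap, or realloc() refuses.
 * The caller must treat NULL as a hard error rather than dereferencing *bufp
 * as if it had grown. */
void *bounded_realloc(void **bufp, size_t nmemb, size_t size, size_t cap)
{
    if (nmemb != 0 && size > SIZE_MAX / nmemb)   /* nmemb*size would wrap */
        return NULL;
    size_t total = nmemb * size;
    if (total == 0 || total > cap)
        return NULL;
    void *p = realloc(*bufp, total);
    if (p == NULL)                                /* libc said no */
        return NULL;
    *bufp = p;
    return p;
}

/* Returns 1 if a fresh buffer of nmemb*size bytes was accepted, 0 if refused. */
int try_grow(size_t nmemb, size_t size)
{
    void *buf = NULL;
    int ok = bounded_realloc(&buf, nmemb, size, MAX_SINGLE_ALLOC) != NULL;
    free(buf);
    return ok;
}

int main(void)
{
    /* Constructed requests: a small strip buffer, the 17 GB request from the
     * bug report, and a product that overflows size_t. */
    printf("16 KiB:   %s\n", try_grow(4096, 4) ? "accepted" : "refused");
    printf("17 GB:    %s\n", try_grow((size_t)17 * 1000 * 1000 * 1000, 1)
                                 ? "accepted" : "refused");
    printf("overflow: %s\n", try_grow(SIZE_MAX / 2, 3) ? "accepted" : "refused");
    return 0;
}
```

Under AddressSanitizer the same NULL path can be exercised instead of an abort by running with ASAN_OPTIONS=allocator_may_return_null=1, which lets the wrapper's own error handling be tested under the sanitizer.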